Holger Levsen pushed to branch master at Debian Security Tracker / security-tracker
Commits: c16b7101 by Holger Levsen at 2020-09-14T08:54:54+02:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Holger Levsen <[email protected]> - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -71,9 +71,9 @@ fossil NOTE: 20200903: database query in src/add.c. In fact, the patch fixing this CVE is quite invasive. Maybe decide NOTE: 20200903: not to fix it? -- -freerdp (Mike Gabriel) +freerdp -- -gnome-shell (Mike Gabriel) +gnome-shell NOTE: 20200829: https://salsa.debian.org/gnome-team/gnome-shell/-/merge_requests/41 (sunweaver) -- gnutls28 (Roberto C. Sánchez) @@ -129,7 +129,7 @@ openssl1.0 -- osc (Adrian Bunk) -- -php-horde-trean (Mike Gabriel) +php-horde-trean NOTE: 20200829: Reconsidering CVE-2019-12095 and what has been written in https://bugs.horde.org/ticket/14926 (sunweaver) NOTE: 20200829: We may not expect too much activity regarding this by upstream. (sunweaver) -- @@ -163,10 +163,10 @@ ruby-doorkeeper NOTE: 20200831: in case it's really DLA worthy, I'd be very careful with this update. (utkarsh) NOTE: 20200831: more investigation needed. (utkarsh) -- -ruby-json-jwt (Utkarsh Gupta) +ruby-json-jwt NOTE: 20200831: TODO: testing against the reproducer. (utkarsh) -- -ruby-kaminari (Utkarsh Gupta) +ruby-kaminari NOTE: 20200819: The source in Debian (at least in LTS) appears to have a different lineage to NOTE: 20200819: the one upstream or in its many forks. For example, both dthe NOTE: 20200819: kaminari/kaminari and amatsuda/kaminari repositories does no have the @@ -175,7 +175,7 @@ ruby-kaminari (Utkarsh Gupta) NOTE: 20200831: A new module should be written in config/initializers/kaminari.rb. (utkarsh) NOTE: 20200831: It should prepend_features from Kaminari::Helpers::Tag. (utkarsh) -- -ruby-rack-cors (Utkarsh Gupta) +ruby-rack-cors NOTE: 20200817: Was fixed in DLA-2096-1 for jessie LTS but is now re-vulnerable again in stretch LTS AFAICT. (lamby) NOTE: 20200831: got a reproducer very recently. (utkarsh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c16b710139b2d28b940420be7949f203e5f9705d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c16b710139b2d28b940420be7949f203e5f9705d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
